Amazon reports user data snafu

Amazon.com said it mistakenly shared customer data with undisclosed parties, a privacy misstep by the world’s biggest online retailer heading into its busiest time of year.

The company emailed an undisclosed number of customers Wednesday to report that their emails and names were inadvertently shared because of a technical error that has since been fixed. It also told customers that changing passwords wasn’t necessary.

“We have fixed the issue and informed customers who may have been impacted,” Amazon said in an email, declining to provide further details on who received the private information.

Whether Amazon faces government investigations and fines for the error depends on where the customers live, said Marc Rotenberg, president of the Electronic Privacy Information Center, an independent research group. In the United States, the Federal Trade Commission has been reluctant to probe potential privacy violations, but the European Union would probably investigate and levy fines if any of the data shared was from customers in its jurisdiction, according to Rotenberg. The FTC declined to comment.

“Under the European approach, this appears to violate a fundamental data protection obligation,” he said. “That will lead to an investigation and likely a fine.”

Online holiday sales will top $124 billion this year, up 14.8 percent from a year earlier, according to Adobe. Thanksgiving, Black Friday and Cyber Monday will be among the biggest spending days.

Amazon should have provided more information about the nature of the problem and advised shoppers to be on alert for email phishing scams that could result from their contact information being shared, said Andy Norton, a director at cybersecurity firm Lastline.

“This could be viewed as one of the worst breach notes in history,” he said. “It is creating confusion and uneasiness, and creating more questions than answers, when it should have done the opposite.”

Target was the victim of a high-profile data leak during the 2013 holiday shopping season, when hackers stole credit and debit card data, as well as personal information, from tens of millions of customers. That dented sales and led to a stock slump that contributed to the ouster of CEO Gregg Steinhafel.